nanog mailing list archives
Re: What HTTP exploit?
From: Jason Dixon <jason () dixongroup net>
Date: Mon, 31 May 2004 13:18:29 -0400
On May 31, 2004, at 12:45 PM, Bob Martin wrote:
The real irony is that it doesn't bother Apache running on NT :)

In all fairness, somewhere along the line there was a patch for this. All my Apache servers do is put "request failed: URI too long" in the error log. Even without the fix it really wasn't anything more than a nuisance. Killing off one child process had no effect on valid sessions or the parent process.

This also has no effect on Apache 1.3.28 on OpenBSD 3.4 (-stable), other than logging an extremely long request string. Of course, the OpenBSD folks audit/patch their own version of Apache, so it might have the patch you mention.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
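
Added example, not part of the original message: a small triage script that separates the two outcomes the thread describes, a server that rejects the oversized request ("request failed: URI too long") and one where a child process dies. The sample lines are constructed, the layout is assumed to be the stock Apache 1.3 error_log format, and the "child pid ... exit signal" notice is assumed to be how the child death shows up in the log.

```python
import re
from collections import Counter

# Constructed sample lines (documentation-range addresses, invented pid/paths).
SAMPLE_LOG = """\
[Mon May 31 09:02:11 2004] [error] [client 192.0.2.15] request failed: URI too long
[Mon May 31 09:02:12 2004] [error] [client 192.0.2.15] request failed: URI too long
[Mon May 31 09:05:40 2004] [error] [client 198.51.100.7] File does not exist: /var/www/htdocs/favicon.ico
[Mon May 31 09:17:03 2004] [error] [client 203.0.113.44] request failed: URI too long
[Mon May 31 09:17:05 2004] [notice] child pid 2211 exit signal Segmentation fault (11)
[Mon May 31 09:30:27 2004] [error] [client 192.0.2.15] request failed: URI too long
"""

# "[timestamp] [level] [client addr] message"; the client field is optional
# because server-level notices (such as child exits) do not carry one.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)

def summarize(log_text):
    """Return (rejections per client, list of child-exit events)."""
    rejected = Counter()
    child_exits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        msg = m.group("msg")
        if m.group("client") and msg.startswith("request failed: URI too long"):
            # Server refused the oversized request line: the benign outcome.
            rejected[m.group("client")] += 1
        elif msg.startswith("child pid") and "exit signal" in msg:
            # A child died on a signal: worth correlating with nearby requests.
            child_exits.append((m.group("ts"), msg))
    return rejected, child_exits

if __name__ == "__main__":
    rejected, child_exits = summarize(SAMPLE_LOG)
    for client, count in rejected.most_common():
        print(f"{client}: {count} oversized request(s) rejected")
    for ts, msg in child_exits:
        print(f"child exit at {ts}: {msg}")
```
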